diff options
author | Markus Lehtonen <markus.lehtonen@linux.intel.com> | 2016-02-10 16:15:59 +0200 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2016-02-19 01:01:25 +0000 |
commit | 46994837731b198d869e8f274343c824e480801d (patch) | |
tree | d1d90623b33a2785f6ed1755b2f913d7ec8e90b3 /meta | |
parent | db7c7c2eceda534d0205c6d4eaf09fd192193fb7 (diff) | |
download | poky-46994837731b198d869e8f274343c824e480801d.tar.gz |
sstate.bbclass: use oe.gpg_sign for gpg signing
[YOCTO #9006]
(From OE-Core rev: a3916b29c8c3d0b1570c40c0ed3a1a15c43925bb)
Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
-rw-r--r-- | meta/classes/sstate.bbclass | 38 |
1 files changed, 17 insertions, 21 deletions
diff --git a/meta/classes/sstate.bbclass b/meta/classes/sstate.bbclass index a6cda6c34f..6c20f69c57 100644 --- a/meta/classes/sstate.bbclass +++ b/meta/classes/sstate.bbclass | |||
@@ -269,23 +269,10 @@ def sstate_install(ss, d): | |||
269 | sstate_install[vardepsexclude] += "SSTATE_DUPWHITELIST STATE_MANMACH SSTATE_MANFILEPREFIX" | 269 | sstate_install[vardepsexclude] += "SSTATE_DUPWHITELIST STATE_MANMACH SSTATE_MANFILEPREFIX" |
270 | sstate_install[vardeps] += "${SSTATEPOSTINSTFUNCS}" | 270 | sstate_install[vardeps] += "${SSTATEPOSTINSTFUNCS}" |
271 | 271 | ||
272 | def sstate_build_gpg_command(d, *args, **kwargs): | ||
273 | # Returns a list for subprocess.call() unless passed flatten=True when this | ||
274 | # returns a flattened string. | ||
275 | l = [d.getVar("GPG_BIN", True) or "gpg"] | ||
276 | if d.getVar("GPG_PATH", True): | ||
277 | l += ["--homedir", d.getVar("GPG_PATH", True)] | ||
278 | l += args | ||
279 | |||
280 | if kwargs.get("flatten", False): | ||
281 | import pipes | ||
282 | return " ".join(map(pipes.quote, l)) | ||
283 | else: | ||
284 | return l | ||
285 | |||
286 | def sstate_installpkg(ss, d): | 272 | def sstate_installpkg(ss, d): |
287 | import oe.path | 273 | import oe.path |
288 | import subprocess | 274 | import subprocess |
275 | from oe.gpg_sign import get_signer | ||
289 | 276 | ||
290 | def prepdir(dir): | 277 | def prepdir(dir): |
291 | # remove dir if it exists, ensure any parent directories do exist | 278 | # remove dir if it exists, ensure any parent directories do exist |
@@ -311,7 +298,8 @@ def sstate_installpkg(ss, d): | |||
311 | d.setVar('SSTATE_PKG', sstatepkg) | 298 | d.setVar('SSTATE_PKG', sstatepkg) |
312 | 299 | ||
313 | if bb.utils.to_boolean(d.getVar("SSTATE_VERIFY_SIG", True), False): | 300 | if bb.utils.to_boolean(d.getVar("SSTATE_VERIFY_SIG", True), False): |
314 | if subprocess.call(sstate_build_gpg_command(d, "--verify", sstatepkg + ".sig", sstatepkg)) != 0: | 301 | signer = get_signer(d, 'local') |
302 | if not signer.verify(sstatepkg + '.sig'): | ||
315 | bb.warn("Cannot verify signature on sstate package %s" % sstatepkg) | 303 | bb.warn("Cannot verify signature on sstate package %s" % sstatepkg) |
316 | 304 | ||
317 | for f in (d.getVar('SSTATEPREINSTFUNCS', True) or '').split() + ['sstate_unpack_package'] + (d.getVar('SSTATEPOSTUNPACKFUNCS', True) or '').split(): | 305 | for f in (d.getVar('SSTATEPREINSTFUNCS', True) or '').split() + ['sstate_unpack_package'] + (d.getVar('SSTATEPOSTUNPACKFUNCS', True) or '').split(): |
@@ -586,7 +574,8 @@ def sstate_package(ss, d): | |||
586 | d.setVar('SSTATE_BUILDDIR', sstatebuild) | 574 | d.setVar('SSTATE_BUILDDIR', sstatebuild) |
587 | d.setVar('SSTATE_PKG', sstatepkg) | 575 | d.setVar('SSTATE_PKG', sstatepkg) |
588 | 576 | ||
589 | for f in (d.getVar('SSTATECREATEFUNCS', True) or '').split() + ['sstate_create_package'] + \ | 577 | for f in (d.getVar('SSTATECREATEFUNCS', True) or '').split() + \ |
578 | ['sstate_create_package', 'sstate_sign_package'] + \ | ||
590 | (d.getVar('SSTATEPOSTCREATEFUNCS', True) or '').split(): | 579 | (d.getVar('SSTATEPOSTCREATEFUNCS', True) or '').split(): |
591 | # All hooks should run in SSTATE_BUILDDIR. | 580 | # All hooks should run in SSTATE_BUILDDIR. |
592 | bb.build.exec_func(f, d, (sstatebuild,)) | 581 | bb.build.exec_func(f, d, (sstatebuild,)) |
@@ -690,15 +679,22 @@ sstate_create_package () { | |||
690 | chmod 0664 $TFILE | 679 | chmod 0664 $TFILE |
691 | mv -f $TFILE ${SSTATE_PKG} | 680 | mv -f $TFILE ${SSTATE_PKG} |
692 | 681 | ||
693 | if [ -n "${SSTATE_SIG_KEY}" ]; then | ||
694 | rm -f ${SSTATE_PKG}.sig | ||
695 | echo ${SSTATE_SIG_PASSPHRASE} | ${@sstate_build_gpg_command(d, "--batch", "--passphrase-fd", "0", "--detach-sign", "--local-user", "${SSTATE_SIG_KEY}", "--output", "${SSTATE_PKG}.sig", "${SSTATE_PKG}", flatten=True)} | ||
696 | fi | ||
697 | |||
698 | cd ${WORKDIR} | 682 | cd ${WORKDIR} |
699 | rm -rf ${SSTATE_BUILDDIR} | 683 | rm -rf ${SSTATE_BUILDDIR} |
700 | } | 684 | } |
701 | 685 | ||
686 | python sstate_sign_package () { | ||
687 | from oe.gpg_sign import get_signer | ||
688 | |||
689 | if d.getVar('SSTATE_SIG_KEY', True): | ||
690 | signer = get_signer(d, 'local') | ||
691 | sstate_pkg = d.getVar('SSTATE_PKG', True) | ||
692 | if os.path.exists(sstate_pkg + '.sig'): | ||
693 | os.unlink(sstate_pkg + '.sig') | ||
694 | signer.detach_sign(sstate_pkg, d.getVar('SSTATE_SIG_KEY'), None, | ||
695 | d.getVar('SSTATE_SIG_PASSPHRASE'), armor=False) | ||
696 | } | ||
697 | |||
702 | # | 698 | # |
703 | # Shell function to decompress and prepare a package for installation | 699 | # Shell function to decompress and prepare a package for installation |
704 | # Will be run from within SSTATE_INSTDIR. | 700 | # Will be run from within SSTATE_INSTDIR. |